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REMARKS 

Claims 1-34 were presented for examination and all claims were rejected. In the current 
amendment, claims 1-13 16-20, 22-28, and 30-32 have been amended. No new matter has been 
introduced. Upon entry of the current amendment, claims 1-34 will be pending, of which claims 
1 and 26 are independent. Applicants submit that claims 1-34 are patentable and in condition for 
allowance. 

The following comments address all stated grounds of rejection. Applicants respectfully 
traverse all rejections and urge the Examiner to pass the claims to allowance in view of the 
remarks set forth below. 

CLAIM REJECTIONS UNDER 35 U.S.C. $101 

I. Claims 26-34 Rejected Under 35 U.S.C. $101 

Claims 26-34 were rejected under 35 U.S.C. §101 as directed towards non-statutory 
subject matter. Claims 26 is an independent claim. Claims 27-34 depend on and incorporate all 
of the patentable subject matter of independent claim 26. Applicants respectfully traverse this 
rejection and submit that claims 26-34 are directed towards patent eligible subject matter. 

Under the "machine-or-transformation" test of In Re Bilski ("Bilski"), claimed subject 
matter is patentable under 35 U.S.C. §101 if "(1) it is tied to a particular machine or apparatus, 
or (2) it transforms a particular article into a different state or thing." 545 F.3d 943, 954 (CAFC, 
2008). Claim 26 recites an apparatus comprising computer-readable program means for 
receiving a request; computer-readable program means for forming a literal name; and computer- 
readable program means for requesting access. These means-plus-function limitations include 
corresponding structure defined in the specification. Such an apparatus having these means is a 
particular machine and is thus statutory subject matter (see MPEP 2106.01, citing to In Re 
Warmerdam, 33 F.3d 1354, 1360-1361 (Fed. Cir. 1994)). 

Because claim 26 is directed to a particular machine, Applicants submit that claim 26 is 
patentable under 35 U.S.C. §101. Thus, Applicants submit that claims 27-34 are also patentable 
under 35U.S.C.§101. Accordingly, Applicants respectfully request the Examiner to reconsider 
and withdraw the rejection of claims 26-34 under 35 U.S.C. §101. 
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CLAIM REJECTIONS UNDER 35 U.S.C. §112 

II. Claims 1-34 Rejected Under 35 U.S.C. $1 12. First Paragraph 

Claims 1-34 are rejected under 35 U.S.C. §112, first paragraph, as failing to comply with 
the written description requirement. In the Advisory Action dated October 23, 2009, the 
Examiner contends that there is insufficient support for "selecting, by the computer, a rule 
associated with the request, the selection responsive to the application isolation layer and the 
user isolation layer forming the isolation environment." 

Applicants respectfully disagree and traverse this rejection. Applicants submit that 
support for this limitation is found in at least paragraphs [0081], [0083], [0085] and [0330] of the 
specification. For example, paragraph [0081] recites "[t]he rules associated with the desired 
isolation scope are retrieved. . .and the rules associated with the process identifier. . .are used to 
virtualize access to the requested resource." Paragraph [0085] recites "the rules associated with 
the stored process are used to virtualize the request to access native resources." Paragraph 
[0330] recites "the association of the process with a source isolation scope. . .is used by the rules 
engine on every request for a virtual native resource to determine the rule to apply to the 
request." In light of these specification sections, Applicants submit that the specification 
supports each of the claimed elements. Accordingly, Applicants respectfully request that the 
Examiner withdraw this rejection. 

III. Claims 1-34 Rejected Under 35 U.S.C. §1 12. Second Paragraph 

Claims 1-34 were rejected under 35 U.S.C. §1 12, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which Applicants 
regard as the invention. 

A. Antecedent Basis 

Applicants submit that the amendments made to Claims 1, 2, 5 and 26 overcome this 
rejection. Applicants further submit that Claim 5 does not include the phrase "the group." Thus, 
Applicants submit that each claim element provides proper antecedent basis and respectfully 
request that the Examiner withdraw this rejection. 
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B. Indefiniteness 

Applicants submit that the amendments made to Claims 1-13, 16-20, 22-25, 27-28 and 
30-32 overcome the rejections listed in sections i, ii, iii, v and vi. With regard to Claim 26, 
Applicants respectfully direct the Examiner to Figure 12 and accompanying paragraphs [0275]- 
[0285] of the present disclosure, which describe forming a literal name for a requested system 
object in response to a selected rule. In light of the above remarks, Applicants respectfully 
request that the Examiner withdraw this rejection. 

CLAIM REJECTIONS UNDER 35 U.S.C. S102 

IV. Claim 26 Rejected under 35 USC §102 

Claim 26 was rejected under 35 U.S.C. § 102(e) as anticipated by U.S. Patent No. 
7,203,941 to Demsey et al. ("Demsey"). Claim 26 is an independent claim. Applicants traverse 
this rejection and submit that Demsey fails to disclose each and every element of claim 26, as 
amended. 

A. Claim 26 Patentable over Demsey 

A claim is anticipated only if each and every element as set forth in the claim is found, 
either expressly or inherently described, in a single prior art reference. Independent claim 26 is 
directed towards an apparatus for virtualizing access to named system objects. Claim 26 recites 
an isolation environment comprising an application isolation layer and a user isolation layer. 
The specification defines an application isolation layer as providing an application program with 
a unique view of native resoiu-ces such as: the file system; the registry; objects; and window 
names based on the application (see Specification, para. [0061]). The specification defines a 
user isolation layer as providing an application program with a view of native resources that is 
ahered based on the user identity for the user on whose behalf the application is executed (see 
Specification, para. [0065]). Apphcants respectfiiUy submit that Demsey fails to disclose each 
and every element of claim 26. 

Demsey does not disclose an isolation environment that includes an application isolation 
layer and a user isolation layer. Rather, Demsey merely describes a tracking system for native 
resources, (see Demsey, Summary). In the Office Action, the Examiner equates the application 
isolation layer and the user isolation layer to Demsey's "managed code portion" and "user code." 
However, the "user code" described in Demsey is merely any application installed by the user 
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other than the virtual machine and the operating system, {see Demsey, Fig. 1, and col. 5, lines 
46-48). The "managed code portion" described in Demsey refers to a portion of the Virtual 
Machine (VM) environment which uses native resources, {see Demsey, col. 1, lines 13-28). 
Neither the "user code" nor the "managed code portion" described in Demsey provide a unique 
view of native resources. Further, applications in Demsey are not isolated from each other and 
actually share the same native resources, {see Demsey, col. 2, lines 19-23). Therefore, Demsey 
fails to teach or suggest an isolation environment including an application isolation layer and a 
user isolation layer, as explicitly required by the claims. 

Additionally, Demsey fails to teach or suggest the process requesting access to a system 
object, in which the request includes a virtual name for the system object. The Examiner notes 
that Demsey describes an application executing in a virtual machine requesting access to a native 
resource {see Demsey, col. 7, lines 17-25). However, Demsey is silent regarding the request 
including a virtual name for the system object. Demsey describes applications that view the 
native resources directly. Thus, Demsey does not use a virtual name for the system object in a 
request. 

Demsey also fails to teach or suggest forming a literal name for the system object. As 
discussed above, Demsey's applications request access directly to system objects. Accordingly, 
Demsey does not need to form a literal name for the object, because Demsey docs not need to 
translate a virtual name for the object. 

Additionally, in Demsey, the applications are not isolated from each other, as required by 
the present invention. Rather, the applications in Demsey share the same native resources {see 
Demsey, col. 7, 33-36). 

For at least these reasons, Demsey fails to disclose each and every element of claim 26. 
Therefore, Applicants submit that claim 26 is patentable and in condition for allowance. 
Accordingly, Applicants respectfully request the Examiner to withdraw the rejection of claim 26 
under 35 U.S.C. §102. 

CLAIM REJECTIONS UNDER 35 U.S.C. $103 

V. Claims 1-25. 27-34 Rejected under 35 USC $103(a) 

Claims 1-25 and 27-34 were rejected as unpatentable over Demsey in view of U.S. Patent 
Application Publication No. 2003/0233544 to Erlingsson ("Erlingsson"). Claims 2-25 depend on 
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and incorporate all of the patentable subject matter of independent claim 1 . Claims 27-34 
depend on and incorporate all of the patentable subject matter of independent claim 26. 

Applicants traverse these rejections and submit that Demsey and Erlingsson, alone or in 
combination, fail to teach or suggest each and every feature of the claimed invention. 

A. Independent Claim 1 Patentable over Demsey in view of Erlingsson 
To establish prima facie obviousness of a claimed invention, all the claim limitations 
must be taught or suggested by the prior art. Claim 1 is directed towards a method for 
virtualizing access to system objects for processes executing in the context of an isolation 
environment, the isolation environment comprising an application isolation layer and a user 
isolation layer. The process requests access to a system object, and the request includes a virtual 
name for the system object. A rule is selected, responsive to the application isolation layer and 
the user isolation layer forming the isolation environment. Based on the selected rule, a literal 
name for the system object is formed and the request for access is issued to the operating system, 
now with the literal name instead of the virtual name for the system object. Demsey and 
Erlingsson, alone or in combination, fail to teach or suggest each and every element of the 
claimed invention. 

The arguments made above with respect to claim 26 regarding Demsey apply with equal 
force here and reiterated as if set forth in full. As with Demsey, Erlingsson also fails to teach or 
suggest a process executing in a context of an isolation environment, comprising an application 
isolation layer and a user isolation layer. Although Erlingsson describes a system for providing a 
secure application environment using derived user accounts, it does not describe a user isolation 
layer or an application isolation layer. Rather than providing a user isolation scope, Erlingssons 
user accounts all access the same native resources, with access controlled merely by access 
privileges, permissions, and rights granted to each user {Id., col. 4, lines 19-25). Thus, all user 
accounts can access the same native resources. 

Erlingsson also fails to teach or suggest a process requesting access to a system object, 
the request including a virtual name for the object or forming a literal name for the object. In 
Erlingsson, applications request access to a resource directly by a literal name. Depending on 
transformation rules, Erlinggson may transform the request to request access to a different 
resource via a different literal name {Id., col. 7, lines 41-59). Erlingsson is silent with regards to 
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the request including a virtual name for an object, and forming a literal name for the object in 
response to a rule determined based on the application isolation layer and user isolation layer in 
which the requesting process executes. Thus, Erlingsson also fails to teach or suggest these 
elements of the claimed invention. 

Because Demsey and Erlingsson, alone or in combination, fail to teach or suggest each 
and every element of the claimed invention. Applicants submit that independent claim 1 is 
patentable and in condition for allowance. As claims 2-25 depend on and incorporate all the 
patentable subject matter of independent claim 1, Applicants submit that claims 2-25 are also 
patentable and in condition for allowance. Accordingly, Applicants respectfully request the 
Examiner to withdraw the rejection of claims 1-25 under 35 U.S. C. §103. 

B. Dependent Claims 27-34 Patentable over Demsey and Erlingsson 
To establish prima facie obviousness of a claimed invention, all the claim limitations 
must be taught or suggested by the prior art. The arguments made above with respect to claims 1 
and 26 apply with equal force here and are reiterated as if set forth in full. Because Demsey and 
Erlingsson, alone or in combination, fail to teach or suggest an isolation environment comprising 
an application isolation layer and a user isolation layer, Applicants submit that these references 
fail to detract from the patentability of independent claim 26. Thus, Applicants submit that 
claims 27-34 arc patentable and in condition for allowance. Accordingly, Applicants 
respectfully request the Examiner to withdraw the rejection with respect to claims 27-34 under 
35 U.S.C. §103. 
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CONCLUSION 

In light of the aforementioned arguments, Applicants contend that each of the Examiner's 
rejections has been adequately addressed and all of the pending claims are in condition for 
allowance. Accordingly, Applicants respectfully request reconsideration, withdrawal of all 
grounds of rejection, and allowance of all of the pending claims. 

Should the Examiner feel that a telephone conference with Applicants' attorney would 
expedite prosecution of this application, the Examiner is urged to contact the Applicants' 
attorney at the telephone number identified below. 



Respectfully submitted, 

CHOATE, HALL & STEWART, LLP 

Dated: January 21. 2010 / John D. Lanza / 

John D. Lanza 
Reg. No. 40,060 
Choate, Hall & Stewart, LLP 
Two International Place 
Boston, MA 021 10 
Phone: (617) 248-5000 
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